Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
i
InfosecGuruji
06/25/2019, 1:12 PMIs anybody forwarding osquery logs (json) to any open source threat intelligence platform like YETI or MISP? If yes, how do you approach it? How do you perform threat hunting with OSQuery (Windows mostly)
d
Dan
06/25/2019, 9:55 PMYou will likely want to place a SIEM in the middle that pulls/pushes to a TIP like YETI or MISP.
Not all of your event data will necessarily be related to a confirmed event or incident
i
InfosecGuruji
06/26/2019, 12:58 PMThanks for the info. Do you have any good resource to read up on top of your head regarding same?
j
jamie
06/27/2019, 2:05 PMairbnb sends osquery logs to streamalert via kinesis, matches ioc from anomali
(they do this for all events now not just syslog)
i
InfosecGuruji
06/27/2019, 2:09 PMInteresting. Thanks @jamie